﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;

namespace NSX07
{
  
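        /// <summary>
        /// Code-behind for the login page: looks the submitted username up in the
        /// Customer table and, when the submitted password matches the stored one,
        /// marks the session as authenticated and redirects to default.aspx.
        /// </summary>
        public partial class login : System.Web.UI.Page
        {
            /// <summary>
            /// Page load handler; intentionally does nothing.
            /// </summary>
            protected void Page_Load(object sender, EventArgs e)
            {
            }

            /// <summary>
            /// Handles the login button: validates the submitted credentials against
            /// the Customer table and establishes the authenticated session on success.
            /// </summary>
            /// <param name="sender">The control that raised the event.</param>
            /// <param name="e">Event data (unused).</param>
            protected void btnLogin_Click(object sender, EventArgs e)
            {
                // One message for every failure, shown in one place, so the response
                // does not tell a caller whether the username exists.
                const string loginFailedMessage = "Invalid username or password.";

                // Clear leftovers from a previous attempt on both labels.
                lblerrorname.Text = "";
                Lablblerrorpass.Text = "";

                string connectionString = System.Web.Configuration.WebConfigurationManager
                    .ConnectionStrings["ConnectionString"].ConnectionString;

                bool authenticated = false;
                string userName = null;
                string role = null;

                // using blocks release the connection, command and reader on every
                // path, including exceptions; previously none of them was disposed.
                using (SqlConnection cn = new SqlConnection(connectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM Customer WHERE username = @username", cn))
                {
                    // The username is bound as a parameter, never concatenated into the SQL text.
                    cmd.Parameters.Add("@username", SqlDbType.VarChar).Value = txtUsername.Text;
                    cn.Open();

                    using (SqlDataReader rdr = cmd.ExecuteReader())
                    {
                        if (rdr.Read())
                        {
                            object storedPassword = rdr["password"];

                            // DBNull.ToString() yields "", so a NULL password column would
                            // otherwise match an empty submitted password.
                            //
                            // NOTE(review): this direct comparison means the password column
                            // holds the password in comparable (plaintext) form. Store a salted,
                            // slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and verify against
                            // that instead; this requires a data migration outside this handler.
                            if (storedPassword != DBNull.Value
                                && txtPassword.Text == storedPassword.ToString())
                            {
                                authenticated = true;
                                userName = rdr["username"].ToString().Trim();
                                role = rdr["role"].ToString().Trim();
                            }
                        }
                    }
                }

                if (!authenticated)
                {
                    // NOTE(review): no attempt throttling or lockout is visible in this
                    // handler; confirm it is enforced elsewhere.
                    lblerrorname.Text = loginFailedMessage;
                    return;
                }

                // NOTE(review): the session identifier is not renewed at login here, so a
                // pre-login session id stays valid afterwards (session fixation risk);
                // confirm it is rotated elsewhere or add rotation.
                Session["Authenticate"] = "Yes";
                Session["User"] = userName;
                Session["Role"] = role;

                // Redirect only after the database resources have been released.
                Response.Redirect("default.aspx");
            }
        }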

}
